Security researcher warns on UAE BlackBerry replacements

A security researcher warned that receivers of a BlackBerry replacement in the U.A.E. should scan their new phone for spyware.

An offer of free smartphones may be a ruse for users in the United Arab Emirates to receive a handset loaded with spyware, a security researcher has warned, saying people who trade in their BlackBerry for a new smartphone should do a spyware check.

The main mobile operator in the U.A.E. last week offered some BlackBerry users a free replacement smartphone due to a government order to suspend BlackBerry data services. Etisalat was told by government regulators to suspend BlackBerry email, Web browsing, instant messaging and social networking from 11October until the services meet regulations.

Although a deal with BlackBerry maker Research in Motion could forestall such an action, the mobile operator offered free replacement smartphones for BlackBerry devices.

"Given the U.A.E.'s past actions, I would advise all recipients of the free phones to do a full wipe on them prior to using them," said Sheran Gunasekera, director of security at Hermis Consultancy in Jakarta, Indonesia.

He suggested that anyone receiving a new smartphone as part of Etisalat's offer should try out spyware detection and clearing software from SMobile Systems, which makes security software for most major systems, including Android, BlackBerry, iPhone, Microsoft and Symbian.

Etisalat last year told its BlackBerry subscribers to download a software "upgrade" that turned out to be spyware, security researchers discovered. Once users downloaded the "upgrade," it forwarded the phone's emails to a central server. The ploy was discovered because the software drained BlackBerry batteries at an excessive rate, in as fast as 30 minutes after a full recharge.

Etisalat has maintained that the software was an upgrade.

BlackBerry devices are so secure that one of the best ways to get spyware on board is through social engineering, according to Gunasekera. Most spyware vendors suggest loading their software on a smartphone and then giving it to the victim as a gift, an effective social engineering ploy. Another is to ask users to download a seemingly harmless piece of software that actually carries a spyware payload onboard.